build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 #1721

Merged
prymitive merged 1 commit into main from
dependabot/github_actions/actions/dependency-review-action-4.8.3
Feb 23, 2026

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps actions/dependency-review-action from 4.8.2 to 4.8.3.

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and uploaded them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Commits
  • 05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
  • 3a8496c Update generated package files for v4.8.3
  • 0f22a01 Update CONTRIBUTING for new release process
  • 58be343 Updating package versions for 4.8.3
  • 9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
  • 8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
  • 43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
  • f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
  • b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
  • 2e1cf54 Properly truncate long summaries and catch errors
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.2 to 4.8.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@3c4e3dc...05fe457)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 23, 2026
@dependabot dependabot bot requested a review from prymitive as a code owner February 23, 2026 21:26

@github-actions github-actions bot left a comment

This pull request was validated by pint.

✔️ No problems found

Stats

| Stat | Value |
|---|---|
| Version | v0.79.0-32-g429a0829 |
| Number of rules parsed | 9 |
| Number of rules checked | 9 |
| Number of problems found | 0 |
| Number of offline checks | 0 |
| Number of online checks | 0 |
| Checks duration | 0 |

Problems

No problems reported

@github-actions

Benchmark diff:

goos: linux
goarch: amd64
pkg: github.com/cloudflare/pint/cmd/pint
cpu: AMD EPYC 7763 64-Core Processor                
                    │   old.txt   │              new.txt               │
                    │   sec/op    │   sec/op     vs base               │
GlobFinder-4          18.71m ± 2%   18.81m ± 1%       ~ (p=0.165 n=10)
GitFinder-4           374.8m ± 1%   379.1m ± 1%  +1.15% (p=0.000 n=10)
CheckRules-4           9.626 ± 1%    9.623 ± 1%       ~ (p=0.739 n=10)
RuleIsIdentical-4     5.232m ± 1%   5.261m ± 1%       ~ (p=0.280 n=10)
GetChecksForEntry-4   113.3m ± 1%   112.7m ± 1%       ~ (p=0.105 n=10)
geomean               131.9m        132.4m       +0.35%

                    │     old.txt     │                new.txt                 │
                    │      B/op       │     B/op       vs base                 │
GlobFinder-4           7.134Mi ± 0%      7.133Mi ± 0%       ~ (p=0.105 n=10)
GitFinder-4            16.09Mi ± 1%      16.09Mi ± 1%       ~ (p=0.853 n=10)
CheckRules-4          1002.5Mi ± 0%     1004.4Mi ± 0%  +0.20% (p=0.005 n=10)
RuleIsIdentical-4        0.000 ± 0%        0.000 ± 0%       ~ (p=1.000 n=10) ¹
GetChecksForEntry-4    56.55Mi ± 0%      56.55Mi ± 0%       ~ (p=0.725 n=10)
geomean                             ²                  +0.04%                ²
¹ all samples are equal
² summaries must be >0 to compute geomean

                    │    old.txt    │               new.txt                │
                    │   allocs/op   │  allocs/op   vs base                 │
GlobFinder-4          111.0k ± 0%     111.0k ± 0%       ~ (p=0.675 n=10)
GitFinder-4           148.7k ± 0%     148.7k ± 0%       ~ (p=0.491 n=10)
CheckRules-4          14.52M ± 0%     14.53M ± 0%  +0.08% (p=0.002 n=10)
RuleIsIdentical-4      0.000 ± 0%      0.000 ± 0%       ~ (p=1.000 n=10) ¹
GetChecksForEntry-4   916.3k ± 0%     916.3k ± 0%       ~ (p=0.532 n=10)
geomean                           ²                +0.02%                ²
¹ all samples are equal
² summaries must be >0 to compute geomean

pkg: github.com/cloudflare/pint/internal/parser
        │   old.txt   │            new.txt            │
        │   sec/op    │   sec/op     vs base          │
Parse-4   16.20m ± 4%   16.35m ± 1%  ~ (p=0.123 n=10)

        │   old.txt    │            new.txt             │
        │     B/op     │     B/op      vs base          │
Parse-4   6.306Mi ± 0%   6.306Mi ± 0%  ~ (p=0.165 n=10)

        │   old.txt   │             new.txt             │
        │  allocs/op  │  allocs/op   vs base            │
Parse-4   102.7k ± 0%   102.7k ± 0%  ~ (p=1.000 n=10) ¹
¹ all samples are equal

pkg: github.com/cloudflare/pint/internal/parser/source
               │   old.txt   │            new.txt            │
               │   sec/op    │   sec/op     vs base          │
LabelsSource-4   5.646m ± 2%   5.679m ± 1%  ~ (p=0.436 n=10)

               │   old.txt    │            new.txt             │
               │     B/op     │     B/op      vs base          │
LabelsSource-4   4.440Mi ± 0%   4.442Mi ± 0%  ~ (p=0.796 n=10)

               │   old.txt   │              new.txt               │
               │  allocs/op  │  allocs/op   vs base               │
LabelsSource-4   36.35k ± 0%   36.35k ± 0%  +0.00% (p=0.039 n=10)

pkg: github.com/cloudflare/pint/internal/promapi
                    │   old.txt   │              new.txt               │
                    │   sec/op    │   sec/op     vs base               │
QueryCacheOnlySet-4   102.7n ± 1%   103.4n ± 3%  +0.73% (p=0.006 n=10)

                    │  old.txt   │            new.txt             │
                    │    B/op    │    B/op     vs base            │
QueryCacheOnlySet-4   64.00 ± 0%   64.00 ± 0%  ~ (p=1.000 n=10) ¹
¹ all samples are equal

                    │  old.txt   │            new.txt             │
                    │ allocs/op  │ allocs/op   vs base            │
QueryCacheOnlySet-4   1.000 ± 0%   1.000 ± 0%  ~ (p=1.000 n=10) ¹
¹ all samples are equal

@prymitive prymitive merged commit f44b6ed into main Feb 23, 2026
18 checks passed
@prymitive prymitive deleted the dependabot/github_actions/actions/dependency-review-action-4.8.3 branch February 23, 2026 21:34
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.56%. Comparing base (3326d5b) to head (429a082).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1721   +/-   ##
=======================================
  Coverage   99.56%   99.56%           
=======================================
  Files         109      109           
  Lines       13215    13215           
=======================================
  Hits        13158    13158           
  Misses         32       32           
  Partials       25       25           
